The HIPAA Safeguards your Practice Needs

Chances are, your organization already has some sort of a HIPAA compliance program in place.

But is it doing enough?

How confident are you that your organization could pass a HIPAA audit if one of your employees had their phone stolen?

Having a total HIPAA compliance program is absolutely essential to keeping your business in health care safe. With fines reaching into the millions of dollars for violations as simple as a stolen laptop, the consequences have never been more concrete.

The truth is: most HIPAA compliance programs aren’t keeping you safe. When it comes to HIPAA, federal fines range from $100-$50,000 per incident. The range depends upon the level of perceived negligence auditors detect over the course of the investigation.

That means that if you have a compliance program that only addresses parts of the regulation, you’re putting your company in serious risk. Fines, violations, and civil lawsuits happen every day. Just check out the OCR Wall of Shame for yourself– these are the reported violations that will result in a HIPAA audit this year. If you don’t have an effective compliance program in place, you could be staring down the barrel at thousands in fines. And having your company’s name listed on the Wall of Shame damages your hard-fought reputation.

What are Effective HIPAA Safeguards?

According to the federal regulation, these are the necessary HIPAA safeguards that you can put in place to protect your practice.

Self-Audits – HIPAA requires you to conduct annual audits of your practice to assess Administrative, Technical, and Physical gaps in your compliance with HIPAA Privacy and Security Rules and HITECH.

Policies, Procedures, Employee Training – To avoid HIPAA violations in the future, you’ll need to develop Policies and Procedures corresponding to HIPAA regulatory standards. Annual employee training on these Policies and Procedures is also required, along with documented legal attestations.

Documentation – Your practice must document efforts you take to become HIPAA compliant. This documentation is critical during a HIPAA investigation with HHS. Documentation must be retained for six years or more depending on state privacy laws.

Business Associate Management – You must document all vendors with whom you share PHI, and execute Business Associate Agreements to ensure PHI is handled securely and mitigate liability. BAAs must be reviewed annually to ensure they reflect the most current relationships with your business associates.

Incident Management – If your practice has a data breach, you must have a process to document the breach and notify patients that their data has been compromised.

Compliancy Group is Here to Help

With our proven methodology, not a single client has ever failed an OCR or CMS audit.